Add simple RBAC chart

This is not a configurable, generic implementation.  It is a starting
point that will facilitate moving forward in the short term.

Change-Id: I65b627b24e447dd218422f8807e04bc4e1cf6a55

assets/etc/kubernetes/armada-loader/assets/charts/rbac/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A chart to apply kubernetes RBAC permissions
+name: rbac
+version: 0.1.0

assets/etc/kubernetes/armada-loader/assets/charts/rbac/templates/cluster-role-binding.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+kind: ClusterRoleBinding
+metadata:
+  name: generous-permissions
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: Group
+  name: system:masters
+- kind: Group
+  name: system:authenticated
+- kind: Group
+  name: system:unauthenticated

promenade/templates/genesis/etc/kubernetes/armada-loader/assets/promenade-armada.yaml

@@ -7,6 +7,7 @@ data:
   release_prefix: promenade
   chart_groups:
     - promenade-networking
+    - promenade-rbac
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -19,6 +20,15 @@ data:
     - calico
     - kube-dns
 ---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: promenade-rbac
+data:
+  description: core
+  chart_group:
+    - rbac
+---
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
@@ -69,3 +79,20 @@ data:
     location: /etc/kubernetes/armada-loader/assets/charts
     subpath: kube-dns
   dependencies: []
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: rbac
+data:
+  chart_name: rbac
+  release: rbac
+  namespace: kube-system
+  timeout: 600
+  values: {}
+  source:
+    type: local
+    location: /etc/kubernetes/armada-loader/assets/charts
+    subpath: rbac
+  dependencies: []
+...